Computer Attacks

Introduction

Using malicious programs like WinNuke, Papa Smurf, and Teardrop, intruders invade our privacy and undermine the integrity of our computers. In the 1999 Computer Security Institute/FBI computer crime survey, fifty-seven percent of organizations cite their Internet connection as a "frequent point of attack." Thirty percent reported that they had found actual intrusions into their networks and 26 percent reported theft of proprietary information. The incident handling entity for the civilian government, FedCIRC, reported that 130,000 government sites totaling 1,100,000 hosts were subject to attacks in 1998. Computer crime is substantial. It is clear that we must increase our efforts to secure our systems and mitigate crime in the relatively new medium of cyberspace.

In order to prevent attacks in cyberspace, systems administrators need a high-level understanding of the methods attackers use to penetrate computers. You cannot effectively fight a war without some knowledge of the weapons of your enemy. The Information Technology Laboratory, National Institute of Standards and Technology, researches the tricks of intruders and educates the public on how to stop them. This bulletin:

Presents an overview of hacker tools that penetrate computers;

Classifies the various attacks that attackers use against networks;

Statistically explores what kinds of computer attacks are being publicly published on the Internet;

Lists the most popular attacks on the Internet today;

Discusses security solutions that can prevent the majority of publicly available computer attacks.

Overview of Attacker Tools

Vast resources are available on the Internet that enable intruders to penetrate computer networks. Detailed software vulnerability information is publicly discussed on newsgroups. Attacking tutorials are available that describe how to write automated programs that penetrate computers by taking advantage of these vulnerabilities. Thousands of automated software tools have been written that enable anyone to launch computer attacks. Computer attacks are no longer found on obscure pirate bulletin boards but rather on publicly available commercial Web sites whose sole purpose is to serve up this information.

These computer attack programs are freely available to anyone on the Internet. Besides being available, these attacks are becoming easier to use. A few years ago, one had to have Unix to run an attack and had to know how to compile source code. Today, attacks with user-friendly graphical user interfaces (GUIs) that run on Windows hosts are available. Attack scripts are easy to use and dangerous. It is vital that systems administrators understand the danger these attacks pose and how to protect their networks against them.